Main Vulnerability Database Vulnerabilities #VU46239

#VU46239 Improper Privilege Management in kotlin - CVE-2020-15824

Published: August 8, 2020 / Updated: September 3, 2020

Vulnerability identifier: #VU46239

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-15824

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
kotlin

Software vendor:
Google

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.

Remediation

Install update from vendor's website.

External links

https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/

#VU46239 Improper Privilege Management in kotlin - CVE-2020-15824

Description

Remediation

External links

Please verify you're human